package org.example.conf;


import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

// 资源服务器配置

/**
 * 令牌验证机制‌
 * 通过 @EnableResourceServer
 * 注解自动启用令牌验证过滤器（OAuth2AuthenticationProcessingFilter），拦截请求并检查令牌有效性
 * 协作对象 ：授权服务器的令牌存储
 * 作用场景 ：验证请求令牌有效性
 */
@Configuration
@EnableResourceServer // 来源: org.springframework.security.oauth2.config.annotation.web.configuration
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    /**
     * ‌资源保护规则‌
     * 在 configure(HttpSecurity http) 中定义 URL 路径的访问权限，
     * 例如 /user/** 路径需认证，其他路径允许匿名访问
     * @param http the current http filter configuration
     * @throws Exception
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/user/**").authenticated()
                .anyRequest().permitAll();
    }
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception{
        resources.resourceId("resource-server");  // 资源服务器标识:ml-citation{ref="7" data="citationList"}
    }
}

